Network Access Control

  • 1.  Lan Enforcer not connected to policy manager

    Posted Mar 08, 2012 09:47 PM

    Hi,

    I have encountered some problems while trying to get my Lan Enforcer to connect to my SEPM.

    I am currently running SEPM v12.1 and my Lan Enforcer is also on v12.1.

    When I run configure spm ip <ipaddress> group <group> HTTPS <port> key <shared secret>, and after that I run the show status command, it reflected

    Policy Manager Connected : NO

    Enforcer Status :Online

    Over at my SEPM, it's reflecting online, but it seems that my Lan Enforcer is not able to grab the configurations.

     

    Please assist.

     

    Thanks



  • 2.  RE: Lan Enforcer not connected to policy manager

    Posted Mar 08, 2012 11:28 PM

    Hi,

    Can you make sure the Lan Enforcer is able to connect to the SEPM by running a ping? On the SEPM side, run another ping and make sure it can reach the enforcer.

    You can also try HTTP rather than HTTPS, see if that works. Also, it might help if you reboot the enforcer.

    Regards

    Michael Lu



  • 3.  RE: Lan Enforcer not connected to policy manager

    Posted Mar 09, 2012 01:19 AM

    Both my Lan Enforcer and SEPM are able to ping each other, and I have tried rebooting my Lan Enforcer. Seems like it's still the same.

    I have configured my Lan Enforcer to join back to my SEPM using HTTP but it's not working.

     

    Over at my SEPM, I am able to see the Lan Enforcer is online, but the Lan Enforcer is just not connected to the Policy Manager.

     

    Thanks



  • 4.  RE: Lan Enforcer not connected to policy manager

    Broadcom Employee
    Posted Mar 14, 2012 06:20 AM

    Check if the pre-shared secret key entered via spm ip <ipaddress> group <group> HTTPS <port> key <shared secret> is the same.

    If the key entered is different, the LE will not be able to communicate with SEPM.

    In SEP 11 there is no way to get the pre-shared key. We need to re-install SEPM again.



  • 5.  RE: Lan Enforcer not connected to policy manager

    Posted Mar 28, 2012 09:02 AM

    I have encountered the same problem while trying to get my Lan Enforcer to connect to my SEPM. However, I can see the Lan Enforcer has successfully communicated with the policy manager and is online. So I don't think it's an issue with the pre-shared secret key.

    We are currently running SEPM v12.1 and my Lan Enforcer is also on v12.1.



  • 6.  RE: Lan Enforcer not connected to policy manager

    Posted Mar 30, 2012 03:31 PM
    1. Pull a packet capture from the Enforcer capture>filter>all, then capture>start
    2. Wait a few minutes, then hit ESC to stop the capture.  Note filename. 
    3. Start a TFTP server that the Enforcer can connect to
    4. Send the file to the TFTP server: "capture upload tftp [ip address of TFTP server] filename [actual filename, no path needed]".  Note that you need the word "filename" before the file's name.
    5. Open the capture file with Wireshark
    6. Note any HTTP errors from the SEPM.  400 errors point to a bad shared secret.
    7. You can "recover" a shared secret in more recent builds -- call support or PM me to get the instructions
    8. Make sure that the SEPM site is actually listening on 8014
    9. Try deleting the Enforcer in the SEPM and re-run the SPM command
    10. Make sure that you are connecting to the SPM using the correct Ethernet port, especially if you have the failopen NIC (there are 6 eth ports on an Enforcer that has the Failopen NIC, I have seen many people use the wrong one).
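
An added example, not part of the original post or any Symantec tooling: step 6 above done in a script rather than by eye in Wireshark, tallying the HTTP status codes sent from the SEPM port. It assumes the uploaded file is a classic libpcap Ethernet capture and that the Enforcer was configured over HTTP (with HTTPS the status line is encrypted); the sample capture, its addresses and the request path are constructed.

```python
import struct
from collections import Counter

SEPM_PORT = 8014  # port named in the thread; change it if your site differs

def http_statuses(pcap: bytes, server_port: int = SEPM_PORT) -> Counter:
    """Count HTTP status codes in responses sent from server_port."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic libpcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Keep only untagged IPv4 (EtherType 0x0800) carrying TCP (protocol 6).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 20 or struct.unpack("!H", tcp[:2])[0] != server_port:
            continue
        payload = tcp[(tcp[12] >> 4) * 4:]
        parts = payload.split(b"\r\n", 1)[0].split()
        if payload.startswith(b"HTTP/1.") and len(parts) >= 2 and parts[1].isdigit():
            counts[int(parts[1])] += 1
    return counts

def _frame(sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame; checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def sample_capture() -> bytes:
    """Constructed capture: one request, then a 400 and a 200 from port 8014."""
    frames = [_frame(40000, SEPM_PORT, b"GET /placeholder HTTP/1.1\r\n\r\n"),
              _frame(SEPM_PORT, 40000, b"HTTP/1.1 400 Bad Request\r\n\r\n"),
              _frame(SEPM_PORT, 40000, b"HTTP/1.1 200 OK\r\n\r\n")]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(
        struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for code, n in sorted(http_statuses(sample_capture()).items()):
        print(code, n, "<- check the shared secret" if code == 400 else "")
```

To use it on a real capture, pass the file's bytes, for example `http_statuses(open(path, "rb").read())`.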


  • 7.  RE: Lan Enforcer not connected to policy manager

    Posted Jun 13, 2012 09:38 PM

    This problem has occurred again after it had been successfully connected to the SEPM. Right now my Lan Enforcer is not able to get connected to the policy manager. On my SEPM, I found some error logs regarding the Lan Enforcer.

     

    May I know what they mean?

     

    java.lang.NullPointerException
        at com.sygate.scm.server.task.EnforcerCompilerTask.compileCommonProfile(EnforcerCompilerTask.java:953)
        at com.sygate.scm.server.task.EnforcerCompilerTask.compileProfile(EnforcerCompilerTask.java:310)
        at com.sygate.scm.server.task.EnforcerCompilerTask.run(EnforcerCompilerTask.java:251)
        at java.util.TimerThread.mainLoop(Timer.java:512)
        at java.util.TimerThread.run(Timer.java:462)
    com.sygate.scm.server.util.ServerException: Unexpected server error.
        at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:370)
        at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:339)
        at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:335)
        at com.sygate.scm.server.task.EnforcerCompilerTask.run(EnforcerCompilerTask.java:261)
        at java.util.TimerThread.mainLoop(Timer.java:512)
        at java.util.TimerThread.run(Timer.java:462)
    Caused by: java.lang.NullPointerException
        at com.sygate.scm.server.task.EnforcerCompilerTask.compileCommonProfile(EnforcerCompilerTask.java:953)
        at com.sygate.scm.server.task.EnforcerCompilerTask.compileProfile(EnforcerCompilerTask.java:310)
        at com.sygate.scm.server.task.EnforcerCompilerTask.run(EnforcerCompilerTask.java:251)
        ... 2 more